Vulnerability-Lookup

CVE-2019-19919 (GCVE-0-2019-19919)

Vulnerability from cvelistv5 – Published: 2019-12-20 22:50 – Updated: 2024-08-05 02:32

Summary

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://www.npmjs.com/advisories/1164	x_refsource_MISC
https://www.tenable.com/security/tns-2021-14	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:09.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.npmjs.com/advisories/1164"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:07:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.npmjs.com/advisories/1164"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19919",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.npmjs.com/advisories/1164",
              "refsource": "MISC",
              "url": "https://www.npmjs.com/advisories/1164"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19919",
    "datePublished": "2019-12-20T22:50:39.000Z",
    "dateReserved": "2019-12-20T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:32:09.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-19919",
      "date": "2026-05-27",
      "epss": "0.24752",
      "percentile": "0.96225"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"6FBBF1FB-FAEF-41B9-8E6E-A7DDA881C201\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"4BF4DC1D-DDD7-4617-A438-AED32D4D2F6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"B97055D1-E30A-44DC-9792-A74DF11B2110\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"3079C4D9-56D0-47F5-ABED-02DD89D0E8D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"89F30120-98DA-4418-B92C-803EAEA5A2FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"47712A16-6191-47BB-B882-224EBF2DB25D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"3BCF49BE-5CF7-404C-899D-9596C0C104BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"7619CE95-7EC1-4EDA-B604-BC67CDE33727\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"4CF11D05-33CF-4BC6-BD81-FF3ABB75CEA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"8BE0C388-BA09-4972-94D0-ADB5B77B8763\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"263741E0-F7D4-4A0B-AE73-3EA3192E9694\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"E96203B2-1DCC-4691-B219-C913068BC033\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"B3BA06B6-42E7-47FF-AED7-6E5A8E14A08B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"1F0B3A6C-10B2-4142-889C-23D53B31EC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"018B3A23-8A8C-4BAD-BC58-D5418B79D322\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"383DF444-D620-4EC2-A3C8-1D51E40786C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"1AE16B41-008D-466F-99A2-938A92CEFF2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"D12A5B4E-7834-42F9-908F-E32DF2D3CD7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"B2AF202E-BEAD-4A4C-B8B0-B4F14A0610F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"BAE9F367-D1E7-4E5C-A9D5-22565A5F674B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"0BCA804B-5D31-47D8-95CB-363E7980D28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"476DBC97-8693-4EF4-A4A4-8C10CC8F33D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"16D4CD1A-6A58-42A9-A3E7-448BB7252CFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"49B8323F-939F-4600-835A-E0E5EACB5276\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"9BD938F8-0962-4983-902C-B96790A83ED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"775A330D-44DA-426E-9DFB-7B3FA617C887\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"12C85BFA-8E59-4FF0-803B-224FD8955A14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"6816A885-1EE1-40B7-A2CA-1CCD2594497E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"ED35F37A-A85A-42FF-847F-D0E9F21DEC99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"8810BDCB-555A-43B0-A003-6B74E2559B7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"39CE17D1-10A6-46F8-86B8-CF91E98E30F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"9F2F975B-DAEB-47BF-AC41-CCC13C7E3CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"3F795717-AA89-4316-B357-6329FDF534DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.11:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"26BA7CCF-AD82-4CC6-8E2C-8EF43C3250CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"24788A2C-438C-49FA-A20D-383AC9CD699B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"74530A3D-0B50-43CA-ABA7-95A6D1D99C9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"A544C487-98E2-4A30-8878-C8BC7F5CD2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"B635034C-5DDD-433F-A453-DCE8D8D736C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"FA83D29F-0083-4332-A618-56DB0ED59024\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"F6321E82-B999-4BCD-8FD6-E1B55A60A41A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"FEACA66E-4BDE-41DC-9797-21B81BB43E01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"62A44232-6323-434E-8653-D7C2238702DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"B83F4927-BB98-4791-96E9-FF6D302A2AD8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.19.0\", \"matchCriteriaId\": \"41DBA7C7-8084-45F6-B59D-13A9022C34DF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.\"}, {\"lang\": \"es\", \"value\": \"Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminaci\\u00f3n de Prototipos conllevando a una ejecuci\\u00f3n de c\\u00f3digo remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede permitir a un atacante ejecutar c\\u00f3digo arbitrario por medio de cargas \\u00fatiles dise\\u00f1adas.\"}]",
      "id": "CVE-2019-19919",
      "lastModified": "2024-11-21T04:35:39.797",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-20T23:15:11.480",
      "references": "[{\"url\": \"https://www.npmjs.com/advisories/1164\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.npmjs.com/advisories/1164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1321\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19919\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-20T23:15:11.480\",\"lastModified\":\"2024-11-21T04:35:39.797\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.\"},{\"lang\":\"es\",\"value\":\"Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminaci\u00f3n de Prototipos conllevando a una ejecuci\u00f3n de c\u00f3digo remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario por medio de cargas \u00fatiles dise\u00f1adas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6FBBF1FB-FAEF-41B9-8E6E-A7DDA881C201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4BF4DC1D-DDD7-4617-A438-AED32D4D2F6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B97055D1-E30A-44DC-9792-A74DF11B2110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3079C4D9-56D0-47F5-ABED-02DD89D0E8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"89F30120-98DA-4418-B92C-803EAEA5A2FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"47712A16-6191-47BB-B882-224EBF2DB25D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3BCF49BE-5CF7-404C-899D-9596C0C104BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7619CE95-7EC1-4EDA-B604-BC67CDE33727\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4CF11D05-33CF-4BC6-BD81-FF3ABB75CEA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8BE0C388-BA09-4972-94D0-ADB5B77B8763\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"263741E0-F7D4-4A0B-AE73-3EA3192E9694\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E96203B2-1DCC-4691-B219-C913068BC033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B3BA06B6-42E7-47FF-AED7-6E5A8E14A08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1F0B3A6C-10B2-4142-889C-23D53B31EC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"018B3A23-8A8C-4BAD-BC58-D5418B79D322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"383DF444-D620-4EC2-A3C8-1D51E40786C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1AE16B41-008D-466F-99A2-938A92CEFF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D12A5B4E-7834-42F9-908F-E32DF2D3CD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B2AF202E-BEAD-4A4C-B8B0-B4F14A0610F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BAE9F367-D1E7-4E5C-A9D5-22565A5F674B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0BCA804B-5D31-47D8-95CB-363E7980D28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"476DBC97-8693-4EF4-A4A4-8C10CC8F33D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"16D4CD1A-6A58-42A9-A3E7-448BB7252CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"49B8323F-939F-4600-835A-E0E5EACB5276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9BD938F8-0962-4983-902C-B96790A83ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"775A330D-44DA-426E-9DFB-7B3FA617C887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"12C85BFA-8E59-4FF0-803B-224FD8955A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6816A885-1EE1-40B7-A2CA-1CCD2594497E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"ED35F37A-A85A-42FF-847F-D0E9F21DEC99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8810BDCB-555A-43B0-A003-6B74E2559B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"39CE17D1-10A6-46F8-86B8-CF91E98E30F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9F2F975B-DAEB-47BF-AC41-CCC13C7E3CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3F795717-AA89-4316-B357-6329FDF534DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.11:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"26BA7CCF-AD82-4CC6-8E2C-8EF43C3250CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"24788A2C-438C-49FA-A20D-383AC9CD699B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"74530A3D-0B50-43CA-ABA7-95A6D1D99C9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A544C487-98E2-4A30-8878-C8BC7F5CD2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B635034C-5DDD-433F-A453-DCE8D8D736C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FA83D29F-0083-4332-A618-56DB0ED59024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F6321E82-B999-4BCD-8FD6-E1B55A60A41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FEACA66E-4BDE-41DC-9797-21B81BB43E01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"62A44232-6323-434E-8653-D7C2238702DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B83F4927-BB98-4791-96E9-FF6D302A2AD8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.19.0\",\"matchCriteriaId\":\"41DBA7C7-8084-45F6-B59D-13A9022C34DF\"}]}]}],\"references\":[{\"url\":\"https://www.npmjs.com/advisories/1164\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/advisories/1164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à R1912
Juniper Networks	N/A	Juniper Networks SBR Carrier versions antérieures à 8.4.1R19
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.4R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10992 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10986 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10985 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10980 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10981 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10983 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10979 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10987 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10982 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10990 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10991 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10993 du 08 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2020-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
    },
    {
      "name": "CVE-2018-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-11810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
    },
    {
      "name": "CVE-2020-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
    },
    {
      "name": "CVE-2020-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2017-17805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2020-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
    },
    {
      "name": "CVE-2017-2595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
    },
    {
      "name": "CVE-2016-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2017-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2020-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2019-14835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2020-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2020-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2020-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
    },
    {
      "name": "CVE-2020-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
    },
    {
      "name": "CVE-2020-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Tivoli Monitoring (installé sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5
	IBM	N/A	IBM Resilient versions antérieures à 41.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6471655 du 16 juillet 2021	None	vendor-advisory
Bulletin de sécurité IBM 6473095 du 16 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Monitoring (install\u00e9 sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Resilient versions ant\u00e9rieures \u00e0 41.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-5262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
    },
    {
      "name": "CVE-2011-1498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1498"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-20453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20453"
    },
    {
      "name": "CVE-2012-6153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
    },
    {
      "name": "CVE-2014-3577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
    },
    {
      "name": "CVE-2021-20480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20480"
    },
    {
      "name": "CVE-2021-20454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20454"
    },
    {
      "name": "CVE-2021-26296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26296"
    },
    {
      "name": "CVE-2021-32820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32820"
    },
    {
      "name": "CVE-2020-5258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6471655 du 16 juillet 2021",
      "url": "https://www.ibm.com/support/pages/node/6471655"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6473095 du 16 juillet 2021",
      "url": "https://www.ibm.com/support/pages/node/6473095"
    }
  ]
}

CERTFR-2021-AVI-571

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.19.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2021-14 du 22 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2020-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
    },
    {
      "name": "CVE-2019-11048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-11041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
    },
    {
      "name": "CVE-2020-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
    },
    {
      "name": "CVE-2019-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
    },
    {
      "name": "CVE-2021-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
    },
    {
      "name": "CVE-2020-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
    },
    {
      "name": "CVE-2020-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
    },
    {
      "name": "CVE-2019-11046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
    },
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2021-21705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2019-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
    },
    {
      "name": "CVE-2020-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2017-5661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
    },
    {
      "name": "CVE-2019-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
    },
    {
      "name": "CVE-2020-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
    },
    {
      "name": "CVE-2019-11050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    },
    {
      "name": "CVE-2020-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
    },
    {
      "name": "CVE-2019-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
    },
    {
      "name": "CVE-2019-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-571",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ]
}

CERTFR-2022-AVI-278

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Spectrum discover. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Spectrum	IBM Spectrum Discover versions 2.0.4.X antérieures à 2.0.4.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6566889 du 28 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6568675 du 31 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Discover versions 2.0.4.X ant\u00e9rieures \u00e0 2.0.4.5",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7751"
    },
    {
      "name": "CVE-2019-20477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2020-28498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
    },
    {
      "name": "CVE-2020-8116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
    },
    {
      "name": "CVE-2020-7699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7699"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2013-7459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7459"
    },
    {
      "name": "CVE-2021-23369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2020-13822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
    },
    {
      "name": "CVE-2020-7608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
    },
    {
      "name": "CVE-2021-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
    },
    {
      "name": "CVE-2019-20922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
    },
    {
      "name": "CVE-2018-6594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6594"
    },
    {
      "name": "CVE-2020-7660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2019-20920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
    },
    {
      "name": "CVE-2021-23383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
    },
    {
      "name": "CVE-2021-3918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-43616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43616"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-278",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-29T00:00:00.000000"
    },
    {
      "description": "ajout avis \u00e9diteur du 31 mars 2022 et CVE CVE-2021-41092",
      "revision_date": "2022-04-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\ndiscover. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum discover",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6566889 du 28 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6566889"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6568675 du 31 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6568675"
    }
  ]
}

CERTFR-2020-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à R1912
Juniper Networks	N/A	Juniper Networks SBR Carrier versions antérieures à 8.4.1R19
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.4R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10992 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10986 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10985 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10980 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10981 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10983 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10979 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10987 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10982 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10990 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10991 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10993 du 08 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2020-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
    },
    {
      "name": "CVE-2018-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-11810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
    },
    {
      "name": "CVE-2020-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
    },
    {
      "name": "CVE-2020-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2017-17805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2020-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
    },
    {
      "name": "CVE-2017-2595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
    },
    {
      "name": "CVE-2016-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2017-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2020-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2019-14835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2020-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2020-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2020-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
    },
    {
      "name": "CVE-2020-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
    },
    {
      "name": "CVE-2020-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Tivoli Monitoring (installé sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5
	IBM	N/A	IBM Resilient versions antérieures à 41.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6471655 du 16 juillet 2021	None	vendor-advisory
Bulletin de sécurité IBM 6473095 du 16 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Monitoring (install\u00e9 sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Resilient versions ant\u00e9rieures \u00e0 41.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-5262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
    },
    {
      "name": "CVE-2011-1498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1498"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-20453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20453"
    },
    {
      "name": "CVE-2012-6153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
    },
    {
      "name": "CVE-2014-3577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
    },
    {
      "name": "CVE-2021-20480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20480"
    },
    {
      "name": "CVE-2021-20454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20454"
    },
    {
      "name": "CVE-2021-26296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26296"
    },
    {
      "name": "CVE-2021-32820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32820"
    },
    {
      "name": "CVE-2020-5258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6471655 du 16 juillet 2021",
      "url": "https://www.ibm.com/support/pages/node/6471655"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6473095 du 16 juillet 2021",
      "url": "https://www.ibm.com/support/pages/node/6473095"
    }
  ]
}

CERTFR-2021-AVI-571

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.19.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2021-14 du 22 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2020-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
    },
    {
      "name": "CVE-2019-11048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-11041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
    },
    {
      "name": "CVE-2020-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
    },
    {
      "name": "CVE-2019-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
    },
    {
      "name": "CVE-2021-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
    },
    {
      "name": "CVE-2020-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
    },
    {
      "name": "CVE-2020-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
    },
    {
      "name": "CVE-2019-11046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
    },
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2021-21705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2019-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
    },
    {
      "name": "CVE-2020-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2017-5661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
    },
    {
      "name": "CVE-2019-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
    },
    {
      "name": "CVE-2020-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
    },
    {
      "name": "CVE-2019-11050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    },
    {
      "name": "CVE-2020-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
    },
    {
      "name": "CVE-2019-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
    },
    {
      "name": "CVE-2019-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-571",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ]
}

CERTFR-2022-AVI-278

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Spectrum	IBM Spectrum Discover versions 2.0.4.X antérieures à 2.0.4.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6566889 du 28 mars 2022	None	vendor-advisory
Bulletin de sécurité IBM 6568675 du 31 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Discover versions 2.0.4.X ant\u00e9rieures \u00e0 2.0.4.5",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7751"
    },
    {
      "name": "CVE-2019-20477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2020-28498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
    },
    {
      "name": "CVE-2020-8116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
    },
    {
      "name": "CVE-2020-7699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7699"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2020-7720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
    },
    {
      "name": "CVE-2013-7459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7459"
    },
    {
      "name": "CVE-2021-23369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2020-13822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
    },
    {
      "name": "CVE-2020-7608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
    },
    {
      "name": "CVE-2021-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
    },
    {
      "name": "CVE-2019-20922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
    },
    {
      "name": "CVE-2018-6594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6594"
    },
    {
      "name": "CVE-2020-7660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2019-20920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
    },
    {
      "name": "CVE-2021-23383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
    },
    {
      "name": "CVE-2021-3918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
    },
    {
      "name": "CVE-2022-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
    },
    {
      "name": "CVE-2021-43616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43616"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-278",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-29T00:00:00.000000"
    },
    {
      "description": "ajout avis \u00e9diteur du 31 mars 2022 et CVE CVE-2021-41092",
      "revision_date": "2022-04-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\ndiscover. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum discover",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6566889 du 28 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6566889"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6568675 du 31 mars 2022",
      "url": "https://www.ibm.com/support/pages/node/6568675"
    }
  ]
}

BDU:2020-00795

Vulnerability from fstec - Published: 20.12.2019

Title

Уязвимость компонентов __proto__ и __defineGetter__ properties шаблонизатора Handlebars, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость компонентов __proto__ и __defineGetter__ properties шаблонизатора Handlebars существует из-за непринятия мер по нейтрализации специальных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Node.js Foundation, Сообщество свободного программного обеспечения, Juniper Networks Inc.

Software Name

handlebars, Debian GNU/Linux, Contrail Networking

Software Version

до 4.3.0 (handlebars), до 10.3 (Debian GNU/Linux), до R1912 (Contrail Networking)

Possible Mitigations

Использование рекомендаций: Для handlebars: https://www.npmjs.com/advisories/1164 Для Debian GNU/Linux: https://www.debian.org/News/2020/20200208.ru.html Для программных продуктов Juniper Networks Inc.: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10992&cat=SIRT_1&actp=LIST

Reference

https://www.npmjs.com/advisories/1164 https://www.debian.org/News/2020/20200208.ru.html https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10992&cat=SIRT_1&actp=LIST https://nvd.nist.gov/vuln/detail/CVE-2019-19919

CWE

CWE-74

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Node.js Foundation, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.3.0 (handlebars), \u0434\u043e 10.3 (Debian GNU/Linux), \u0434\u043e R1912 (Contrail Networking)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f handlebars:\nhttps://www.npmjs.com/advisories/1164\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/News/2020/20200208.ru.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Juniper Networks Inc.:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.03.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.03.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00795",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19919",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "handlebars, Debian GNU/Linux, Contrail Networking",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux \u0434\u043e 10.3 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 __proto__  \u0438 __defineGetter__ properties \u0448\u0430\u0431\u043b\u043e\u043d\u0438\u0437\u0430\u0442\u043e\u0440\u0430 Handlebars, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u043e\u0441\u043e\u0431\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c (\u00ab\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f\u00bb) (CWE-74)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 __proto__  \u0438 __defineGetter__ properties \u0448\u0430\u0431\u043b\u043e\u043d\u0438\u0437\u0430\u0442\u043e\u0440\u0430 Handlebars \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.npmjs.com/advisories/1164\nhttps://www.debian.org/News/2020/20200208.ru.html\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19919",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-74",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2019-47434

Vulnerability from cnvd - Published: 2019-12-27

Title

handlebars存在未明漏洞

Description

handlebars是一款语义化的Web模板系统。 handlebars 4.3.0之前版本中存在安全漏洞。攻击者可利用该漏洞借助特制的payloads执行任意代码。

Severity

高

Patch Name

handlebars存在未明漏洞的补丁

Patch Description

handlebars是一款语义化的Web模板系统。 handlebars 4.3.0之前版本中存在安全漏洞。攻击者可利用该漏洞借助特制的payloads执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布相关漏洞补丁链接，请及时更新： https://handlebarsjs.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-19919

Impacted products

Name
handlebars handlebars <4.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19919"
    }
  },
  "description": "handlebars\u662f\u4e00\u6b3e\u8bed\u4e49\u5316\u7684Web\u6a21\u677f\u7cfb\u7edf\u3002\n\nhandlebars 4.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u7684payloads\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://handlebarsjs.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-47434",
  "openTime": "2019-12-27",
  "patchDescription": "handlebars\u662f\u4e00\u6b3e\u8bed\u4e49\u5316\u7684Web\u6a21\u677f\u7cfb\u7edf\u3002\r\n\r\nhandlebars 4.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u7684payloads\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "handlebars\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "handlebars handlebars \u003c4.3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-23",
  "title": "handlebars\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19919 (GCVE-0-2019-19919)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature